Vidensdatabase
Apache (Multi-Domain version) Print denne artikel
To generate CSR file which includes more than one Fully Qualified Domain Name, you need to generate a CSR with several commonName (CN) gaps.
Note: This instruction is for Unix system users.
In Unix you can generate it using OpenSSL configuration file
Edit the "/etc/ssl/openssl.cnf" file (this may be different)
[ req ]
default_bits = 2048
prompt = no
encrypt_key = no
default_md = sha1
distinguished_name = dn
[ dn ]
C = IE
O = Official name of your institution
0.CN = First FQDN of your server
1.CN = Second FQDN of your server
2.CN = Third FQDN of your server
# ... add as much as you need
The principal FQDN should appear as the first CN (0.CN= ) because only this one will be kept in the subject of the certificate. The other CN will be transfered to the subjectAltName field in the generated certificate.
There is also the option for openssl with Command Line, examples:
- servers with existing private key
openssl req -new -key myserver.key -out myserver.csr -subj "/C=IE/O=inst_name/CN=first_fqdn/CN=second_fqdn/CN=third_fqdn" -text-
create private key and CSR with multiple CN names
openssl req -new -newkey rsa:2048 -keyout myserver.key -out myserver.csr -subj "/C=IE/O=inst_name/CN=first_fqdn/CN=second_fqdn/CN=third_fqdn" -text
Note: This instruction is for Unix system users.
In Unix you can generate it using OpenSSL configuration file
Edit the "/etc/ssl/openssl.cnf" file (this may be different)
[ req ]
default_bits = 2048
prompt = no
encrypt_key = no
default_md = sha1
distinguished_name = dn
[ dn ]
C = IE
O = Official name of your institution
0.CN = First FQDN of your server
1.CN = Second FQDN of your server
2.CN = Third FQDN of your server
# ... add as much as you need
The principal FQDN should appear as the first CN (0.CN= ) because only this one will be kept in the subject of the certificate. The other CN will be transfered to the subjectAltName field in the generated certificate.
There is also the option for openssl with Command Line, examples:
- servers with existing private key
openssl req -new -key myserver.key -out myserver.csr -subj "/C=IE/O=inst_name/CN=first_fqdn/CN=second_fqdn/CN=third_fqdn" -text-
create private key and CSR with multiple CN names
openssl req -new -newkey rsa:2048 -keyout myserver.key -out myserver.csr -subj "/C=IE/O=inst_name/CN=first_fqdn/CN=second_fqdn/CN=third_fqdn" -text
Hjalp dette svar dig?
Relaterede artikler
What is CSR and who needs it?
A Certificate Signing Request is a text generated on the server that is used to create your SSL...
A Certificate Signing Request is a text generated on the server that is used to create your SSL...
Apache/OpenSSL
To generate a pair of private key and public Certificate Signing Request (CSR) for a webserver,...
To generate a pair of private key and public Certificate Signing Request (CSR) for a webserver,...
Apache (with mod_ssl)
Installing SSL certificate on Apache with mod_ssl To install certificate you need 2...
Installing SSL certificate on Apache with mod_ssl To install certificate you need 2...
Apple Mac OS X Server
CSR is generated in 2 steps.I. Private key generation1. Log into server and open...
CSR is generated in 2 steps.I. Private key generation1. Log into server and open...
Barracuda SSL VPN
Generating a Certificate Signing Request for Barracuda VPNFrom the appliance web interface,...
Generating a Certificate Signing Request for Barracuda VPNFrom the appliance web interface,...